Customer Consents – I ask the customer once, and that’s it, right?

Taktsoft Podcast with Stefan Sedlacek

In episode 29 of its Software Developer Podcast, Taktsoft spoke with Stefan Sedlacek, CEO of TOLERANT Software, about customer consent for marketing campaigns. How can this data be collected, archived and proven in an automated way? Which legal aspects have to be considered? What role does data quality play in the execution of marketing actions?
The podcast interview was conducted by Taktsoft host Ashley Steele. You can read an excerpt from the interview here.

Taktsoft: Hi Stefan, to get right into the topic, I have to ask you now if you’re okay with us recording this podcast? Do I need to get your consent, so to speak, from you as my customer or not?

Stefan Sedlacek: That’s a good question. Are we already processing personal data at this point? I would say no. In principle, consent is already implicit.

Taktsoft: Let’s start by explaining the topic. What is customer consent actually about? 

Stefan Sedlacek: The European Union enacted a new General Data Protection Regulation in 2016, which has been effective since 2018. Since then, no personal data may be processed unless it is expressly permitted by law or the data subject whose data is to be processed has consented to the processing. Since then, of course, companies have faced the problem of having to obtain this consent. That’s what the topic of customer consent is all about.

Taktsoft: You mentioned the European Union. Are there any other legal aspects beyond that, the GDPR for example? Can you say something about the legal framework?

Stefan Sedlacek: Yes, perhaps at this point you can simply say that customers have been given a whole range of new rights with regard to their data. For example, they now also have the right to information. This means that I can go to a company and say, “Please inform me about all the data you have stored about me.” This also includes the right to rectification and deletion, so the customer can demand that his data be deleted again. Or if, for example, he has discovered that there is incorrect data in it, he can have it corrected. In addition, the customer also has the right to object. He can now say that his data should not be processed at all. In case of doubt, that leads to the company then saying, “Okay, then we can’t do business because we can’t process your data that we need to do that.” But it’s definitely a right that the customer has. The customer’s rights have been significantly strengthened in the framework.

Taktsoft: So the customer has the right to understand what’s happening with their data. Let’s move on to the specific procedure. How do you obtain customer consent? What does a company have to take into account? Two buzzwords I have in mind are opt-in and opt-out. What do they mean and how transparent does a company have to be when it comes to obtaining customer consent?

Stefan Sedlacek: Okay, first to the first question: How do I get consent from the customers? In practical terms, I have to ask the customers. And it is not fixed how I ask the customers, but I can obtain consent by e-mail, via a flyer, online or even by SMS. But the important thing is that I ask the customers. And if the customers then give me this consent, then I have an opt-in, so to speak, i.e. permission. With this permission, I can then – depending on the type of consent I have obtained – continue to process the data and then also act accordingly for the purpose. And this is perhaps also already a very important point that I have to consider when I obtain consent: I have to inform the customers for which processing purpose I am obtaining their data. In addition, the reason for processing must also be stated. Why am I processing the data? Do I want to fulfill legal obligations with it? And what are the legal obligations behind this processing? You have to specify that as well.

Taktsoft: What technologies can be used to automate or simplify the process of obtaining customer consent?

Stefan Sedlacek: The technologies are not fixed. But in the age of digitalization, you should of course obtain such consents online if possible. Of course, I can also hand out handouts to the customer during the conversation. Then I have him sign it. But if you look at the processes afterwards, you find that the information is scanned and processed online in the end. It would be better to do this right from the start. You then take online technologies, such as REST interfaces, with which you transmit your data to a central database. Or you use an online web form written in HTML or in Java Script and Angular.

Taktsoft: So you use the standard methods in the field of digitization. When you build these web applications, you build these steps into the workflow where the customer registers or comes to the website. 

Stefan Sedlacek: Yes, exactly.

Taktsoft: Now let’s move on to data quality. Customers visit a website and fill out a form. However, some of them may not be very careful with their data entry. Then, for example, the last name is misspelled, or the first name, or there is a typing error in the address, etc. How do you deal with that? How can you find out how good the quality of the data you have received actually is? 

Stefan Sedlacek: If I want to find out how good the data quality is, then I also need to have the chance to measure the data quality. There are tools on the market that can do that, that can process the data, and that can also measure the data quality. Whereas measuring is only a precursor of what I actually want to achieve. I actually want to get really good data for myself, to keep my processes clean, to make my processes run smoother and smoother. And poor data quality is always a great hindrance. If I have poor data quality, then I very quickly get a lot of duplicates in the system. Because then I can no longer recognize whether several data records really belong together. There are tools that prevent this. Keyword: Fuzzy duplicate recognition. But if I don’t have such tools, I get a lot of duplicates in the system, which in turn can lead to a loss of reputation with the customer, because he is then contacted several times. It can lead to me not even recognizing that I have consent for a customer. Or it can lead to me not recognizing which consent was the correct one. For example, a customer may send an objection to their last consent because they no longer want to be contacted by email or phone. If the company then has that customer as a duplicate in the system, then it may attach the objection to the wrong record. And that can lead to a lot of trouble.

Taktsoft: That means collecting data is only step 1. The second step is to really understand how good the data actually is. And then it’s important to process the data with the appropriate tools that you mentioned so that you don’t have duplicates. But what about life cycle management? People move around, yes. They get a new mobile number, they move, they change employers, etc. How do you deal with that? How do you make sure that this data is always of good quality? After all, it’s not a process you do once. It has to be checked all the time. How do you do something like that?

Stefan Sedlacek: You’ve already said it in principle. Data quality is not a one-time process, it has to be optimized regularly. And if I have my tools in the company, then I really have to look regularly at duplicates, at moves, and at the formatting of the data. Whether the data still corresponds to the desired format. Especially with phone numbers, you should always look to have a consistent format so that you can get the different records on top of each other. For duplicate detection, as I said, there are many tools on the market. Also good tools. Of the good tools, there are numerically somewhat fewer. And there are even fewer tools in the area of relocation detection, because this also requires the collection of data, which in turn is subject to a certain consent requirement. But such tools do exist. Customers who move also want the companies they work with to be aware of the move.

Taktsoft: If I’m satisfied with the way a company handles my data, then I’m happy to say, “Hey, I’ve got a new phone number or I’ve moved.” That can also come from the customer proactively.

Stefan Sedlacek: Yes, indeed. In any case, the company should pay attention to the workflow of its data quality and customer management process. What happens when a new phone number comes into the system? Then the consent has to be adjusted. Under certain circumstances, the old consent then becomes invalid because it relates to a specific telephone number. If you are clever, you can ask the customer to give a new consent at the same time.

Taktsoft: It’s a very complex topic that you’ve introduced to us in the last few minutes. You did a great job explaining how to get the customer’s consent, what you’re allowed to do with it, and how to proceed in order to get good data quality.

Stefan Sedlacek: Thank you very much for your summary. I think we did a good job of going through the different aspects. It’s been a lot of fun.

Taktsoft: Stefan, thank you very much. Take care and have a great day!